We covered Directory Browsing and Spidering by using and solving Challenge 001 in OWASP Hackademic free lab.

Directory Browsing & Listing

An attacker can simply browse all the files inside the impacted folders when there is a directory listing vulnerability, which occurs when the website displays the contents of its directories. This frequently results in the public exposure of sensitive items, including internal reports, logs, backups, and even the application’s source code.

Similar to a shared folder or FTP server, directory listing is a webserver function that can assist users in browsing a website’s content. Although this functionality can be enabled for valid reasons, it is more often accidentally enabled because it is the default web server configuration. To make sure that no directories, current or future, are exposed, you want to think about turning it off for the entire program.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

, , ,
Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles